[squid-dev] [PATCH] TLS: Disable client-initiated renegotiation
Tsantilas Christos
chtsanti at users.sourceforge.net
Fri Jun 5 11:16:02 UTC 2015
Hi Paulo,
Which is the openSSL version in a Debian wheezy system?
My understanding is that openSSL-0.9.8m and later, by default provides
protection against this bug.
The openSSL provides the following flags to control the renegotiation:
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION flag for an openSSL server
- SSL_OP_LEGACY_SERVER_CONNECT and
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION for an openSSL client.
This is what OpenSSL manual says for the behaviour of an openSSL server
on renegotiation:
"The initial connection succeeds but client renegotiation is denied by
the server with a no_renegotiation warning alert if TLS v1.0 is used or
a fatal handshake_failure alert in SSL v3.0.
If the patched OpenSSL server attempts to renegotiate a fatal
handshake_failure alert is sent. This is because the server code may be
unaware of the unpatched nature of the client.
If the option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then
renegotiation always succeeds."
Reference:
https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
We may have problem in squid openSSL client.
But we can add support for these flags and allow users set them in squid
configuration file. Is n't it better?
On 06/04/2015 09:51 PM, Paulo Matias wrote:
> Hi all,
>
> This patch disables client-initiated renegotiation, mitigating a DoS attack
> which might be possible with some builds of the OpenSSL library. We have been
> warned about this when testing our service with the Qualys SSL Test
> (https://www.ssllabs.com/ssltest) back when it was running in a Debian wheezy
> system. Further information is available at:
> https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
> Our solution is similar to the one adopted in pureftpd:
> https://github.com/jedisct1/pure-ftpd/blob/549e94aaa093a48622efd6d91fdfb3a4236c13f4/src/tls.c#L106
>
> This was previously posted to squid-users, but modified since then to implement
> Amos's suggestions:
>
>> * please avoid #ifdef and #ifndef in new code.
>> - use #if defined() style instead.
>> * please wrap the entire ssl_info_cb() definition in the #if
>> conditionals and the appropriate calling lines.
>
> We welcome any additional suggestions or comments.
>
> Best regards,
> Paulo Matias
>
>
> -------------- next part --------------
> === modified file 'src/ssl/support.cc'
> --- src/ssl/support.cc 2015-06-03 10:42:08 +0000
> +++ src/ssl/support.cc 2015-06-04 12:59:30 +0000
> @@ -823,12 +823,28 @@
> return dh;
> }
>
> +#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
> +static void
> +ssl_info_cb(const SSL *ssl, int where, int ret)
> +{
> + (void)ret;
> + if ((where & SSL_CB_HANDSHAKE_DONE) != 0) {
> + // disable renegotiation (CVE-2009-3555)
> + ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
> + }
> +}
> +#endif
> +
> static bool
> configureSslContext(SSL_CTX *sslContext, AnyP::PortCfg &port)
> {
> int ssl_error;
> SSL_CTX_set_options(sslContext, port.sslOptions);
>
> +#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
> + SSL_CTX_set_info_callback(sslContext, ssl_info_cb);
> +#endif
> +
> if (port.sslContextSessionId)
> SSL_CTX_set_session_id_context(sslContext, (const unsigned char *)port.sslContextSessionId, strlen(port.sslContextSessionId));
>
> @@ -1045,6 +1061,10 @@
>
> SSL_CTX_set_options(sslContext, Ssl::parse_options(options));
>
> +#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
> + SSL_CTX_set_info_callback(sslContext, ssl_info_cb);
> +#endif
> +
> if (*cipher) {
> debugs(83, 5, "Using chiper suite " << cipher << ".");
>
>
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
>
--
Tsantilas Christos
Network and Systems Engineer
email:christos at chtsanti.net
web:http://www.chtsanti.net
Phone:+30 6977678842
More information about the squid-dev
mailing list